[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-bugs] #18390 [Tor Browser]: PDF.js triggers canvas fingerprinting warning for some PDFs

Subject: [tor-bugs] #18390 [Tor Browser]: PDF.js triggers canvas fingerprinting warning for some PDFs
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Wed, 24 Feb 2016 22:57:57 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 24 Feb 2016 17:58:18 -0500
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#18390: PDF.js triggers canvas fingerprinting warning for some PDFs
-----------------------------+----------------------
     Reporter:  xcolour      |      Owner:  tbb-team
         Type:  defect       |     Status:  new
     Priority:  Medium       |  Milestone:
    Component:  Tor Browser  |    Version:
     Severity:  Normal       |   Keywords:
Actual Points:               |  Parent ID:
       Points:               |    Sponsor:
-----------------------------+----------------------
 I'm seeing the canvas fingerprinting warning for some PDFs served by
 PDF.js in the latest version of the Tor Browser Bundle (5.5.2). It appears
 that this only happens with image-heavy PDFs.

 For example: https://www.aclu.org/foia-document/some-key-sso-cyber-
 milestone-dates-fall-2005.

 It looks like this was fixed in #10570 for the Firefox-local version of
 PDF.js, but (perhaps intentionally) not for PDF.js if it's being served by
 the website.

 We use the PDF.js provided via the "PDF" Drupal extension version
 "7.x-1.6" with PDF.js version "1.1.215".

 Is this a bug in Tor Browser's canvas fingerprinting detection, or is what
 PDF.js is doing simply indistinguishable from a fingerprinting attempt?

 I've also opened a ticket with the PDF.js team
 (https://github.com/mozilla/pdf.js/issues/7026).

 Thanks!

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18390>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Follow-Ups:
- Re: [tor-bugs] #18390 [Tor Browser]: PDF.js triggers canvas fingerprinting warning for some PDFs
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #18390 [Tor Browser]: PDF.js triggers canvas fingerprinting warning for some PDFs
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #18390 [Tor Browser]: PDF.js triggers canvas fingerprinting warning for some PDFs
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #18390 [Tor Browser]: PDF.js triggers canvas fingerprinting warning for some PDFs
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #18361 [Tor Browser]: Issues with corporate censorship and mass surveillance
Next by Author: Re: [tor-bugs] #18361 [Tor Browser]: Issues with corporate censorship and mass surveillance
Previous by thread: Re: [tor-bugs] #17274 [Tor]: Some kind of append-only log for consensus documents and votes
Next by thread: Re: [tor-bugs] #18390 [Tor Browser]: PDF.js triggers canvas fingerprinting warning for some PDFs
Index(es):
- Author
- Thread